- Google has announced that the number of fraudulent transactions from Chrome extensions has gotten out of hand.
- The tech giant decided to suspend all commercial extensions, for now, safeguarding the users from getting charged.
- Developers won’t be able to upload new extensions or update their existing ones for an unknown period of time.
Google has announced that due to a sudden spike in fraudulent transactions from various commercial extensions for the Chrome browser, they are suspending them all until further notice. Google figured that taking preventive action against the possibility of allowing third parties to exploit users is the right path to take right now, as they will most likely develop a stricter context of reviewing all software that goes into the Chrome Web Store. Of course, banning everything without discrimination naturally results in the suspension of legitimate and safe extensions like the Dashlane password manager, or the Comeet meeting planner.
That said, Google’s move has the potential to severely impact the productivity of millions of users soon, and considering the vast userbase of the Chrome browser, a solution to this situation shouldn’t take long to manifest. Google has provided no timelines about when they will resolve the issue, but they did reassure the developers and the users that they will do it as quickly as possible. The ban started “rolling out” on Friday night, although some extension developers claim that Google has been blocking addons without explanations from an earlier point.
The nondiscriminatory and indefinite suspension includes all commercial extensions that require a one-time purchase, subscription payments, and in-app purchases that unlock additional features or services. Any developers trying to upload or update such apps on the Web Store will get the following rejection message: “Spam and Placement in the Store”. The option to appeal the rejection is still provided, but for now, it is unlikely that the fate of the upload/update will be any different. On the contrary, some developers who tried uploading their extensions many times and failed have even received a permanent suspension of their accounts.
For the people who are already using commercial extensions on Chrome, their access won’t change but they will be unable to receive any updates. This last part is where an unnecessary risk is introduced for the average user. Extensions that aren’t updated for a while will gradually form security cracks for malicious actors to use. For example, if a new flaw on Dashlane is discovered and published, the users of the popular password manager extension will be vulnerable to exploitation for an unknown period of time. That said, and no matter the scale of the abuse that led Google to the decision to take such drastic measures, they should have followed a more targeted pest-control approach.